Forum Discussion
LDAP vs Active Directory Authentication performance.
We are in the process of configuring Exchange Hybrid with Office 365, which requires some modifications to our F5 iApp. A concern that has arisen is a requirement for users to log in with different credentials than they are used to. Another post on DevCentral suggested changing the default authentication from AD to LDAP authentication and a search filter such as the following:
(|(sAMAccountName=%{session.logon.last.logonname})(mail=%{session.logon.last.logonname})(userPrincipalName=%{session.logon.last.logonname}))
This will allow the user to log in with sAMAccountName, email address or userPrincipalName, as all of these values are different in our environment. An LDAP query is used to retrieve userPrincipalName, which is then presented to backend servers in SSO. I have tested, and it works for ActiveSync, OWA and Autodiscover.
My question is, due to the fact that I have changed from Kerberos to LDAP authentication, and this will be for all connection types for all users, should I worry about any negative performance impact from these changes?
- Lucas_Thompson_Historic F5 Account
APM uses the MIT Kerberos libraries for Kerberos and OpenLDAP for LDAP. Both of these can support many authentications per second.
LDAP Query is usually faster than AD Query because it requires fewer network transactions.
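The lookup described in the question, as an added example that is not part of the original thread and not F5's code: it builds the post's OR filter with the logon name escaped per RFC 4515 and accepts the result only when exactly one entry matches, because a value stored in one account's mail can equal another account's userPrincipalName. The directory entries, the function names and the in-memory `search` stand-in are constructed for illustration.

```python
import re

ATTRS = ("sAMAccountName", "mail", "userPrincipalName")
# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESC.get(ch, ch) for ch in value)

def build_filter(logon_name):
    """The post's OR filter with the logon name substituted into each term."""
    v = escape_filter_value(logon_name)
    return "(|" + "".join(f"({a}={v})" for a in ATTRS) + ")"

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(directory, ldap_filter):
    """In-memory stand-in for the LDAP server (hypothetical): evaluates only
    flat OR-of-equality filters, comparing case-insensitively (an assumption)."""
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", ldap_filter)
    wanted = [(attr, _unescape(val).casefold()) for attr, val in terms]
    return [entry for entry in directory
            if any(entry.get(attr, "").casefold() == val for attr, val in wanted)]

def resolve_upn(directory, logon_name):
    """Return the userPrincipalName to hand to SSO, or refuse if ambiguous."""
    matches = search(directory, build_filter(logon_name))
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} entries matched, expected exactly 1")
    return matches[0]["userPrincipalName"]

# Constructed sample entries; the third one's mail equals the first one's UPN.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "mail": "john.doe@example.com",
     "userPrincipalName": "jdoe@corp.example.com"},
    {"sAMAccountName": "asmith", "mail": "alice@example.com",
     "userPrincipalName": "asmith@corp.example.com"},
    {"sAMAccountName": "svc-mail", "mail": "jdoe@corp.example.com",
     "userPrincipalName": "svc-mail@corp.example.com"},
]

if __name__ == "__main__":
    for name in ("jdoe", "John.Doe@example.com", "jdoe@corp.example.com", "*"):
        try:
            print(f"{name!r} -> {resolve_upn(DIRECTORY, name)}")
        except LookupError as exc:
            print(f"{name!r} -> rejected: {exc}")
```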